PPTP VPN Through OpenVpn ?

Discussion in 'privacy technology' started by Lyx, Jun 5, 2009.

Thread Status:
Not open for further replies.
  1. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    83
    When ypu connect to the internet through a VPN, you have to totally trust the VPN provider, as he knows you (at leat your ISP IP), and he knows what you are doing on the web.

    Some companies provide "double VPN" services , but the problem is, the 2 VPN servers are managed by the same company, witch seems no entirely satisfying.

    So, let suppose that I have 2 VPN client,, one from VPN provider A, and the other from vpn provider B. The idea would be to try to "chain" these VPN. It seems that chaining 2 OpenVpn clients does not work: It even does'nt connect. But no connection is lost when I do the following (in this order):

    1) first connect on a PPTP VPN,
    2) then (with user gui interface) connect on the OpenVP..


    What I am conjecturing, is that all outgoing traffic is so routed first through the PPTP VPN server, and then routed through the Open VPN server. More precisely, I am conjecturing that the VPN are not simply chained, but "onion chained", in the sense that all traffic from the web to my pc is first encrypted by the OPenVPN server of compagny B, and goes on my computer via the PPTP VPN server of compagny A. Is so, company B (witch sees what I am doing) don't knows me (B sees only my PPTP VPN IP), and company A (witch knows me, as she knows my ISP IP) don't knows what I'm doing on the web (as A's servers only are only receiving encrypted flows).


    Of course, I have verified (with site such has "seemyIP"), that the IP the web is seeing is my "Open VPN IP". But what about the rest of my conjecture ? And how to check it ?

    I have tried Route Print and Wireshark, what I saw seems to confirm that the double connection is doing what it is supposed to do, but i'm not entirely sure. What dou you think about that ?
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    This is medieval thinking. Proxy chaining doesn't do anything but shift the risk to the weakest party involved. If you don't trust the VPN company not to know your identity, then you should not trust them to handle your exit traffic. Presume you did use an intermediary service between you and them. With access to your exit traffic they can discover your identity by watching your traffic and the sites you visit, or evil code injection to cause your VPN connection to leak or phone home outside the VPN.
     
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    If I understand correctly, chaining a proxy would be hopping from one to the next. But what if someone connected the XB VPN and then fired up one of those Metropipe Tunnelers? In my mind the way I picture it is the Tunneler would go through the VPN and out of the exit node and then on to Metropipe. So the connection was never broken, correct?

    And I assume that Xerobank would see the users IP and Metropipe would see Xerobank's IP address, right? And of course what would be left is if you trust Metropipe with your personal information.
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    pipe in a pipe style is what I'm speaking of, but the issue is if you didn't trust metropipe with your IP (you think xyz vpn is evil) then don't trust them with your exit traffic.

    If i don't trust you with my house key, why would I trust you with my house?
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    So both metropipe and Xerobank would have the true IP? I had just assumed that the Metropipe Tunneler would see the connection as coming from Xerobank.
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    If you are presuming that metropipe is evil/questionable/compromised, and therefore can't be trusted with the real IP address... then you should also presume they would attack your traffic as well, which can potentially lead to them discovering your true IP address, in which case you shouldn't be using a proxy chain.
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Point well taken. And I have absolutely no idea where Metropipe is coming from. Or any other provider as far as that's concerned. I'm just trying to get an idea of how things work. And since I am the "special ed" member of the forum, I get to ask all of the dumb questions, hehe!:p
     
Loading...
Thread Status:
Not open for further replies.